+ Post New Thread
Page 1 of 2 12 LastLast
Results 1 to 15 of 30
Wired Networks Thread, Static default route question in Technical; I have implemented a ProCurve 5406 switch as a main layer 2/3 switch on the network. It has several VLANs ...
  1. #1

    Join Date
    Jun 2012
    Location
    Canada
    Posts
    10
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0

    Static default route question

    I have implemented a ProCurve 5406 switch as a main layer 2/3 switch on the network. It has several VLANs configured. Everything works properly except for internet access which only works for VLAN 1. There are 2 ISP routers connected to the switch. What I want is VLAN 1 to be routed through router1 and remainder of VLANs to be routed thought router2.
    The connection from 5406 to router1 is untagged for VLAN 1 and router1 has IP of 192.168.60.1.
    The connection from 5406 to router2 is tagged for all VLANs with exception VLAN 1 and router2 has IP of 192.168.52.1 for VLAN 52, 192.168.53.1 for VLAN 53, etc.
    All internal routing works as devices can ping the 5406 and both routers.


    The 5406 has the following IPs:
    192.168.60.2 for VLAN 1
    192.168.52.2 for VLAN 52
    192.168.53.2 for VLAN 53
    These are the IPs that are served as default gateways in DHCP


    Here's the dilemma. I have a static default route of 0.0.0.0 0.0.0.0 192.168.60.1 on the 5406. Now what the 5406 is doing is routing all traffic to the outside though router1 only. Is there a way to have default routes based on VLANs? Something along the lines of:
    0.0.0.0 0.0.0.0 192.168.60.1 for VLAN 1
    0.0.0.0 0.0.0.0 192.168.52.1 for VLAN 52
    0.0.0.0 0.0.0.0 192.168.53.1 for VLAN 53

    Any help would be greatly appreciated.

  2. #2

    Join Date
    Jan 2006
    Location
    Surburbia
    Posts
    2,178
    Thank Post
    74
    Thanked 307 Times in 243 Posts
    Rep Power
    114
    I don't know that switch/model and it might be cleverer, but I did play with some HP switch or other and it definitely couldn't do that. You could have say VLAN1 going out to the net via Router1 and VLAN2 going out to the net via Router2 but *only if* VLAN1 doesn't need to talk to VLAN2 or vice-versa, for instance you don't configure an IP for VLAN2 on the switch and set DHCP to hand our Router2's IP as the gateway for devices on VLAN2.

  3. #3

    Join Date
    Jun 2012
    Location
    Canada
    Posts
    10
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    This is exactly how I have the non-VLAN 1 devices configured right now. The 5406 still has an IP address in VLANs 52, 53, etc, but the DHCP scope for these VLANs is serving router2's IP as the default gateway. Now I have internet access on these VLANs, but they don't talk to VLAN 1 devices. Ultimately I might have to start looking at tagging all VLANs going to router1 and forget about router2.

  4. #4

    Join Date
    Jan 2009
    Posts
    109
    Thank Post
    3
    Thanked 21 Times in 16 Posts
    Rep Power
    14
    Yes you can have separate routing for each vlan on a layer 3 switch.

  5. #5

    Join Date
    Jun 2012
    Location
    Canada
    Posts
    10
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    How would I go about implementing that? Any syntax examples would be greatly appreciated.

  6. #6

    Join Date
    Apr 2012
    Location
    London
    Posts
    67
    Thank Post
    10
    Thanked 3 Times in 3 Posts
    Rep Power
    5
    Quote Originally Posted by sosmrttech View Post
    I have implemented a ProCurve 5406 switch as a main layer 2/3 switch on the network. It has several VLANs configured. Everything works properly except for internet access which only works for VLAN 1. There are 2 ISP routers connected to the switch. What I want is VLAN 1 to be routed through router1 and remainder of VLANs to be routed thought router2.
    The connection from 5406 to router1 is untagged for VLAN 1 and router1 has IP of 192.168.60.1.
    The connection from 5406 to router2 is tagged for all VLANs with exception VLAN 1 and router2 has IP of 192.168.52.1 for VLAN 52, 192.168.53.1 for VLAN 53, etc.
    All internal routing works as devices can ping the 5406 and both routers.


    The 5406 has the following IPs:
    192.168.60.2 for VLAN 1
    192.168.52.2 for VLAN 52
    192.168.53.2 for VLAN 53
    These are the IPs that are served as default gateways in DHCP


    Here's the dilemma. I have a static default route of 0.0.0.0 0.0.0.0 192.168.60.1 on the 5406. Now what the 5406 is doing is routing all traffic to the outside though router1 only. Is there a way to have default routes based on VLANs? Something along the lines of:
    0.0.0.0 0.0.0.0 192.168.60.1 for VLAN 1
    0.0.0.0 0.0.0.0 192.168.52.1 for VLAN 52
    0.0.0.0 0.0.0.0 192.168.53.1 for VLAN 53

    Any help would be greatly appreciated.
    I am not familiar with HP hardware or the CLI. I believe you need to implement some policy based routing. On Cisco devices you create something called a route-map; I would imagine something similar exists in the HP world.

  7. #7

    Join Date
    Jan 2009
    Posts
    109
    Thank Post
    3
    Thanked 21 Times in 16 Posts
    Rep Power
    14
    It doesn't need to get as complicated as PBR - you simply need layer 3 addressing for each subnet and then route based on that. Your layer 3 switch can be used or you can have subinterfaces on the router for each vlan. Then either using static routes to point each vlan at it's next hop, or a dynamic routing protocol like OSPF or EIGRP to dynamically propagate the routes you want.

  8. #8

    Join Date
    Apr 2012
    Location
    London
    Posts
    67
    Thank Post
    10
    Thanked 3 Times in 3 Posts
    Rep Power
    5
    Quote Originally Posted by Destinova View Post
    It doesn't need to get as complicated as PBR - you simply need layer 3 addressing for each subnet and then route based on that. Your layer 3 switch can be used or you can have subinterfaces on the router for each vlan. Then either using static routes to point each vlan at it's next hop, or a dynamic routing protocol like OSPF or EIGRP to dynamically propagate the routes you want.
    Sounds interesting. Can you give an example of what that configuration would look like?

  9. #9

    Join Date
    Jan 2009
    Posts
    109
    Thank Post
    3
    Thanked 21 Times in 16 Posts
    Rep Power
    14
    Quote Originally Posted by Mehmet View Post
    Sounds interesting. Can you give an example of what that configuration would look like?
    Sure - with the caveat that this is Cisco syntax - I've not done much work with HP gear at layer 3.

    The "old way" or router on a stick using subinterfaces on your router for each vlan:

    interface GigabitEthernet0/0
    description Inside1
    no ip address
    duplex full
    speed 1000
    media-type rj45

    interface GigabitEthernet0/0.1
    encapsulation dot1q 1 native
    ip address 192.168.60.2 255.255.255.0 (not sure of what mask you wanted here...)

    interface Gigabitethernet0/0.52
    encapsulation dot1q 52
    ip address 192.168.52.2 255.255.255.0

    interface GigabitEthernet0/0.52
    encapsulation dot1q 53
    ip address 192.168.53.2 255.255.255.0

    etc.

    Each vlan uses these addresses as it's default gateway.

    Alternatively, and the current recommended way - at least in the Cisco world - is to have a layer 3 switch as your gateway - this way inter-vlan routing is not hairpinning on the router. This just uses layer 3 vlan interfaces rather than subinterfaces:

    interface vlan 1
    ip address 192.168.60.2 255.255.255.0
    no shut

    interface vlan 52
    ip address 192.168.52.2 255.255.255.0
    no shut

    interface vlan 53
    ip address 192.168.53.2 255.255.255.0
    no shut

    Then whatever routing protocol you want and advertise those routes to your router (of course you need to run the same protocol on the router to advertise your WAN links)

    router ospf 1
    network 192.168.60.0 0.0.0.255 area 0
    network 192.168.52.0 0.0.0.255 area 0
    network 192.168.53.0 0.0.0.255 area 0

    Static routes can also be used if you want to specify a different path for specific traffic.

  10. #10

    Join Date
    Jun 2012
    Location
    Canada
    Posts
    10
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    This is the current routing table:


    ZULU(config)# sh ip route

    IP Route Entries

    Destination Gateway VLAN Type Sub-Type Metric Dist.
    ------------------ --------------- ---- --------- ---------- ---------- -----
    0.0.0.0/0 192.168.60.1 1 static 1 1
    10.0.1.0/24 vMotion 11 connected 1 0
    127.0.0.0/8 reject static 0 0
    127.0.0.1/32 lo0 connected 1 0
    192.168.1.0/24 192.168.60.253 1 static 1 1
    192.168.2.0/24 192.168.60.253 1 static 1 1
    192.168.3.0/24 192.168.60.253 1 static 1 1
    192.168.4.0/24 192.168.60.250 1 static 1 1
    192.168.5.0/24 192.168.60.253 1 static 1 1
    192.168.6.0/24 192.168.60.253 1 static 1 1
    192.168.7.0/24 192.168.60.253 1 static 1 1
    192.168.8.0/24 192.168.60.253 1 static 1 1
    192.168.9.0/24 192.168.60.253 1 static 1 1
    192.168.11.0/24 192.168.60.253 1 static 1 1
    192.168.34.0/24 192.168.60.4 1 static 1 1
    192.168.51.0/24 Management 51 connected 1 0
    192.168.52.0/24 Wireless 52 connected 1 0
    192.168.53.0/24 VoIP 53 connected 1 0
    192.168.54.0/24 Central Store 54 connected 1 0
    192.168.55.0/24 Cameras 55 connected 1 0
    192.168.60.0/24 DEFAULT_VLAN 1 connected 1 0
    192.168.61.0/24 192.168.60.254 1 static 1 1

    The top static route is manually entered. I can't seem to find anything in the that allows me to enter routes based on VLAN. The "connected" one were dynamically generated bt the 5406.

    If I try adding a static route, there is no place to specify the VLAN:

    ZULU(config)# ip route
    IP-ADDR/MASK-LENGTH Specify IP address and mask of the route destination.
    ZULU(config)# ip route

  11. #11

    Join Date
    Jan 2009
    Posts
    109
    Thank Post
    3
    Thanked 21 Times in 16 Posts
    Rep Power
    14
    A vlan is just a subnet - if you want static routing just specify a route for the subnet of the vlan you want to change:

    ip route 192.168.52.0 255.255.255.0 <destination IP>

  12. #12

    Join Date
    Jun 2012
    Location
    Canada
    Posts
    10
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    It looks like the 5406 is already doing that.
    Destination Gateway VLAN Type Sub-Type Metric Dist.
    ------------------ --------------- ---- --------- ---------- ---------- -----
    192.168.52.0/24 Wireless 52 connected 1 0

    Where "Wireless" is the IP of 5406 for VLAN 52. This makes routing possible on the inside. However if the VLAN 52 needs to go outside, the 5406 routes it though the static default route (0.0.0.0/0 192.168.60.1). I can't seem to find a spot to specify default routes by VLANs.

  13. #13

    Join Date
    Jan 2009
    Posts
    109
    Thank Post
    3
    Thanked 21 Times in 16 Posts
    Rep Power
    14
    Where do you want the traffic to go, rather than 192.168.60.1 ?

  14. #14

    Join Date
    Jun 2012
    Location
    Canada
    Posts
    10
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    For VLAN 1 I want the next hop to be 192.168.60.1. Which is exactly what's happening.
    For VLAN 52, the next hop should be 192.168.52.1
    For VLAN 53, the next hop should be 192.168.53.1
    All the intra VLAN routing works perfectly as the default gateway for each VLAN is the 5406. However any outside access is only sent through 192.168.60.1. I'm trying to come up with something along the lines of:

    0.0.0.0 0.0.0.0 192.168.60.1 for VLAN 1
    0.0.0.0 0.0.0.0 192.168.52.1 for VLAN 52
    0.0.0.0 0.0.0.0 192.168.53.1 for VLAN 53

    This would establish a different default route based on VLAN source.

  15. #15

    Join Date
    Jan 2009
    Posts
    109
    Thank Post
    3
    Thanked 21 Times in 16 Posts
    Rep Power
    14
    Do you have layer 3 interfaces for those addresses?

SHARE:
+ Post New Thread
Page 1 of 2 12 LastLast

Similar Threads

  1. 3com 2952 and default route
    By zeux in forum Wired Networks
    Replies: 14
    Last Post: 30th September 2011, 03:47 PM
  2. Default Gateway Question
    By farquea in forum Wireless Networks
    Replies: 9
    Last Post: 19th April 2011, 12:51 PM
  3. ISA 2006 - proxy/default gateway question
    By pantscat in forum Windows
    Replies: 11
    Last Post: 24th November 2008, 05:04 PM
  4. another routing question
    By RabbieBurns in forum *nix
    Replies: 9
    Last Post: 13th May 2008, 03:46 PM
  5. Dumb (?) Routing Question
    By ANiceEnglishman in forum Wireless Networks
    Replies: 5
    Last Post: 26th May 2006, 12:04 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •